Hackers Set Off Dallas' 156 Warning Sirens Dozens Of Times
from the not-everything-should-be-connected-to-the-internet dept
So we've talked repeatedly how the shoddy security in most "internet of things" devices has resulted in increasingly-vulnerable home networks, as consumers rush to connect not-so-smart fridges, TVs and tea kettles to the home network. But this failure extends well beyond the home, since these devices have also resulted in historically-large DDoS attacks as this hardware is compromised and integrated into existing botnets (often in just a matter of minutes after being connected to the internet).
Whether it's the ease in which a decidedly-clumsy ransomware attacker was able to shut down San Francisco's mass transit system, or the fact that many city-connected devices like speed cameras often feature paper mache security, you can start to see why some security experts are worried that there's a dumpster fire brewing that will, sooner rather than later, result in core infrastructure being compromised and, potentially, mass fatalities. If you ask security experts like Bruce Schneier, this isn't a matter of if -- it's a matter of when.
In what should probably be seen as yet another warning shot across the bow: slightly before midnight in Dallas last Friday a hacker compromised the city's emergency warning systems and managed to set off the city's 156 warning sirens more than a dozen times. Needlessly to say, the scale of of the warning, and the number of sirens, led many people in Dallas to believe that the city had somehow been physically attacked in the middle of the night:
Dallas officials were forced to shut the system down around 1:20 am on Saturday, and despite informing the public to ignore the false alarms, a city that had already been having 911 issues the last few months found its 911 systems inundated with a massive influx of calls from concerned citizens:
"Even as the city asked residents not to dial 911 to ask about the sirens, more than 4,400 calls were received from 11:30 p.m. to 3 a.m. — twice the average number made between 11 p.m. and 7 a.m., Syed said. The largest surge came from midnight to 12:15 as about 800 incoming calls caused wait times to jump to six minutes, far above the city's goal to answer 90 percent of calls within 10 seconds.
The city is, frankly, fortunate that this didn't result in more problems than it did. City officials say they've identified how the attacker compromised the system, but won't be revealing technical details for obvious reasons (Update: it looks like the attacker used a radio signal attack on city gear to repeatedly set off the sirens). Over at his Facebook page, Dallas Mayor Mike Rawlings was quick to highlight how the attack made it clear the city needs to spend significantly more money on its technology infrastructure:
"This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure. It’s a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind. Making the necessary improvements is imperative for the safety of our citizens."
Of course while older, out-dated systems are certainly a problem, rushing to throw money at companies promising the "connected city of tomorrow in a box" isn't a panacea, either. While it likely had nothing to do with the recent hack, AT&T has been advertising Dallas as the centerpiece of its "IOT" ambitions for the last few years, just one of countless companies rushing into the space in pursuit of new revenue and quarterly growth. The problem, again, is that many of these smart city solutions are from many of the same vendors for which security and privacy were an afterthought in the residential market.
So yes, most cities are in desperate need of a technology and security upgrade, yet often lack the budgets to do so. You just hope that when these upgrades actually occur, they aren't sabotaged by the same superficial concern for privacy and security already plaguing the connected home market.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dallas, hacked, internet of things, iot, warning sirens
Reader Comments
Subscribe: RSS
View by: Time | Thread
So you need to run an external file in that machine? Send us a copy to be tested for malicious behavior in an isolated system first.
It doesn't fully prevent problems, no security system is 100% effective but at the very least you'll be protected against the average bozo and with luck only state sponsored hackers will manage to do anything more than a scratch.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
A) They majorly failed by actually hooking this system to the internet an hoping no one would play with it.
B) They didn't hook it to the internet yet majorly failed at physical security.
I'm not really sure what one of those two is worse. Either way you should make darn sure your big red panic button is well protected.
[ link to this | view in chronology ]
Re: Re: Re:
Short of hiring 156 armed guards, someone is going to get access to a siren. How old are these? Public key cryptography was unknown until 1976, and using a separate symmetric key for each might have been difficult in the days when you couldn't just program a PC to encrypt and transmit 156 messages.
[ link to this | view in chronology ]
Re: Re: Re: Re:
And could make it harder to use the system in an actual emergency, which is why US nukes used 00000000 as a launch code.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Protecting sirens should be extremely low priority -- protecting the button that triggers all of them, city-wide, at once, should be higher priority.
Of course, most traffic cams and intersection cams (not to mention a growing number of traffic light grids) are networked with no encryption whatsoever, such that you just need to find a local pole and plug in to the entire network, with no authentication.
Some grids also have wireless receivers hooked up, and a few, for convenience, are also connected to the Internet.
At least the Internet-connected grids usually have some sort of a firewall, and some level of software security at the C&C center -- but a lot of the stuff hanging off the network is ancient and not only doesn't know about encryption, also doesn't know about safe failure, cooperative networking, or anything else beyond "when this line goes high, I turn on until this other line goes high".
So again, it's not really about securing the hardware, it's about placing minimal security on the network and a whole lot of logical and physical security at the operations center.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Replay attacks would be a concern. A quick web search shows these sirens were legitimately activated several times this millenium, and someone could have saved a message. We'd probably want them transmitted every few minutes, so the sirens can't get stuck in the "on" state for long.
The message could include a timestamp to prevent it. But clocks would drift a lot over the decades. They'd need some kind of regular time adjustment message, or maybe they could pull time from GPS or CDMA (did either exist when they were installed?). A counter might work if there were a way to store the largest-known value for a long period of time.
The one key would be a single point of failure, and would need to be well protected.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Kind of like traffic lights. The control box is right there, no guard needed because you kind of stand out breaking into the box on the street corner.
We have built systems like this for a long time. Think about the phone system. Central office can ring your house phone, but you at home with your phone can't easily ring every phone on the network.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
You could easily mess with streetlights. Do it overnight (like this attack), or just put on a reflective traffic vest and hardhat. Unless you're attacking it with a crowbar nobody's going to question someone in a traffic vest.
A central-office type thing might work for sirens.--ie. run a separate wire from police HQ to each siren, and they can only activate from there. but the lack of redundancy could be a problem in bad weather, especially the kind that knocks out phone lines regularly.
We don't yet know whether the siren attack was easy.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
There's no indication these were on the internet, but this system would be pointless if not remotely operable in some way. It may have a telephone connection or something RF-based. Many systems like this predate strong encryption.
If a hacker reported this problem through proper channels, it would probably be disregarded as "purely hypothetical", requiring a very determined attacker, etc. They didn't have to activate all the sirens multiple times, but this was never going to be fixed without activating one.
[ link to this | view in chronology ]
Re: Re:
"Officials don't know who was responsible for the hacking, but Vaz said "with a good deal of confidence that this was someone outside our system" and in the Dallas area."
Sure it may be old and stuff but the fact it hasn't been updated with more robust security is a problem in itself.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Are they sure it was hacked?
[ link to this | view in chronology ]
Re: Are they sure it was hacked?
[ link to this | view in chronology ]
Always remember that...
[ link to this | view in chronology ]
Who's fault you say?
[ link to this | view in chronology ]
Re: Who's fault you say?
[ link to this | view in chronology ]
Security may be compromised in the interest of simplicity.
Here is what we know. The hacker used a radio signal from within signal reach of a base controller. The hacker knew the codes to trigger every siren in the system which is achieved through radio relays. Each siren can be triggered individually or as part of a group. In this case the code for "all sirens" was used. The hacker continually sent signals to activate the sirens, thus overiding the officials who sent signals to turn the sirens off. The officials eventually changed something in authentication so the hacker could no longer activate the sirens.
I am guessing how authentication works here. It may be possible that it was turned off entirely in Dallas. The simplest, and maybe only method, is to use a programmed fixed sequence of digits that represents an authentication code. I do know that Federal Signal controllers have that capability at least. However, the hacker in this case can use a replay attack. Herein, the hacker listens and records the signals used during a periodic system test. He, or she, simply plays back the same signal.
The solution is to change the authentication code for every activation. Such a rolling-code system is used in many areas such as for unlocking cars and opening garage doors. Unfortunately, the companies that design such systems try to maintain secrecy and the cryptography doesn't get well vetted. I think all these systems had to be corrected once the system was already in the field. There are algorithms for rolling-code systems that don't suffer from known vulnerabilities. The user may have to configure that level of security to make sure they are protected.
[ link to this | view in chronology ]
Re:
Unclear? If they're buying into this, you have your answer.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Siren Secured
[ link to this | view in chronology ]
Worlds Smallest Guard Dog Hornet Keychain Stun Gun
A small but powerful stun gun and flashlight in a size that fits in the palm of the hand. Stay protected without drawing too much attention to yourself by toting around the <a href="https://idiotbuy.com/worlds-smallest-guard-dog-hornet-keychain-stun-gun/">world’s smallest hornet keychain stun gun</a>. Although it’s small enough to fit in the palm of your hand, this tiny little guy packs a powerful 6,000,000 volt punch that’ll stop anyone on their tracks.
[ link to this | view in chronology ]
Worlds Smallest Guard Dog Hornet Keychain Stun Gun
A small but powerful stun gun and flashlight in a size that fits in the palm of the hand. Stay protected without drawing too much attention to yourself by toting around the world’s smallest <a href="https://idiotbuy.com/worlds-smallest-guard-dog-hornet-keychain-stun-gun/">hornet keychain stun gun</a>. Although it’s small enough to fit in the palm of your hand, this tiny little guy packs a powerful 6,000,000 volt punch that’ll stop anyone on their tracks.
[ link to this | view in chronology ]
A small but powerful stun gun and flashlight in a size that fits in the palm of the hand. Stay protected without drawing too much attention to yourself by toting around the world’s smallest hornet keychain stun gun. Although it’s small enough to fit in the palm of your hand, this tiny little guy packs a powerful 6,000,000 volt punch that’ll stop anyone on their tracks.
https://idiotbuy.com/worlds-smallest-guard-dog-hornet-keychain-stun-gun/
[ link to this | view in chronology ]